Muestra cómo realizar solicitudes HTTP autenticadas por Google Cloud.
Explora más
Para obtener documentación en la que se incluye esta muestra de código, consulta lo siguiente:
Muestra de código
C++
#include <google/cloud/functions/http_request.h>
#include <google/cloud/functions/http_response.h>
#include <google/cloud/storage/oauth2/google_credentials.h>
#include <curl/curl.h>
#include <cstdlib>
#include <optional>
#include <sstream>
#include <stdexcept>
#include <string>
namespace gcf = ::google::cloud::functions;
namespace {
/// A helper function to perform an HTTP GET request.
gcf::HttpResponse HttpGet(std::string const& url,
std::string const& authorization_header);
} // namespace
gcf::HttpResponse bearer_token(gcf::HttpRequest request) { // NOLINT
static auto const kTargetUrl = [] {
auto const* target_url = std::getenv("TARGET_URL");
if (target_url != nullptr) return std::string(target_url);
throw std::runtime_error("TARGET_URL environment variable is not defined");
}();
static auto const kCredentials = [] {
auto credentials =
google::cloud::storage::oauth2::GoogleDefaultCredentials();
if (credentials) return std::move(credentials).value();
std::ostringstream os;
os << "Error fetching credentials: " << std::move(credentials).status();
throw std::runtime_error(std::move(os).str());
}();
static auto const kCurlInit = [] {
return curl_global_init(CURL_GLOBAL_ALL);
}();
static_cast<void>(kCurlInit);
if (request.target() == "/no-auth-header") return HttpGet(kTargetUrl, "");
auto header = kCredentials->AuthorizationHeader();
if (header) return HttpGet(kTargetUrl, *header);
std::ostringstream os;
os << "Error creating authorization header: " << std::move(header).status();
throw std::runtime_error(std::move(os).str());
}
Go
import (
"context"
"fmt"
"io"
"google.golang.org/api/idtoken"
)
// `makeGetRequest` makes a request to the provided `targetURL`
// with an authenticated client using audience `audience`.
func makeGetRequest(w io.Writer, targetURL string, audience string) error {
// For Cloud Functions, endpoint (`serviceUrl`) and `audience` are the same.
// Example `audience` value (Cloud Functions): https://<PROJECT>-<REGION>-<PROJECT_ID>.cloudfunctions.net/myFunction
// (`targetURL` and `audience` will differ for GET parameters)
ctx := context.Background()
// client is a http.Client that automatically adds an "Authorization" header
// to any requests made.
client, err := idtoken.NewClient(ctx, audience)
if err != nil {
return fmt.Errorf("idtoken.NewClient: %v", err)
}
resp, err := client.Get(targetURL)
if err != nil {
return fmt.Errorf("client.Get: %v", err)
}
defer resp.Body.Close()
if _, err := io.Copy(w, resp.Body); err != nil {
return fmt.Errorf("io.Copy: %v", err)
}
return nil
}
Java
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.IdTokenCredentials;
import com.google.auth.oauth2.IdTokenProvider;
import java.io.IOException;
public class Authentication {
// makeGetRequest makes a GET request to the specified Cloud Run or
// Cloud Functions endpoint `serviceUrl` (must be a complete URL), by
// authenticating with an ID token retrieved from Application Default
// Credentials using the specified `audience`.
//
// For Cloud Functions, endpoint (`serviceUrl`) and `audience` are the same.
// Example `audience` value (Cloud Functions): https://project-region-projectid.cloudfunctions.net/myFunction
public static HttpResponse makeGetRequest(String serviceUrl, String audience) throws IOException {
GoogleCredentials credentials = GoogleCredentials.getApplicationDefault();
if (!(credentials instanceof IdTokenProvider)) {
throw new IllegalArgumentException("Credentials are not an instance of IdTokenProvider.");
}
IdTokenCredentials tokenCredential =
IdTokenCredentials.newBuilder()
.setIdTokenProvider((IdTokenProvider) credentials)
.setTargetAudience(audience)
.build();
GenericUrl genericUrl = new GenericUrl(serviceUrl);
HttpCredentialsAdapter adapter = new HttpCredentialsAdapter(tokenCredential);
HttpTransport transport = new NetHttpTransport();
HttpRequest request = transport.createRequestFactory(adapter).buildGetRequest(genericUrl);
return request.execute();
}
}
Node.js
/**
* TODO(developer): Uncomment these variables before running the sample.
*/
// Example: https://my-cloud-run-service.run.app/books/delete/12345
// const url = 'https://TARGET_HOSTNAME/TARGET_URL';
// Example (Cloud Functions): https://project-region-projectid.cloudfunctions.net/myFunction
// const targetAudience = 'https://TARGET_AUDIENCE/';
const {GoogleAuth} = require('google-auth-library');
const auth = new GoogleAuth();
async function request() {
console.info(`request ${url} with target audience ${targetAudience}`);
const client = await auth.getIdTokenClient(targetAudience);
const res = await client.request({url});
console.info(res.data);
}
request().catch(err => {
console.error(err.message);
process.exitCode = 1;
});
Python
import urllib
import google.auth.transport.requests
import google.oauth2.id_token
def make_authorized_get_request(endpoint, audience):
"""
make_authorized_get_request makes a GET request to the specified HTTP endpoint
by authenticating with the ID token obtained from the google-auth client library
using the specified audience value.
"""
# Cloud Functions uses your function's URL as the `audience` value
# audience = https://project-region-projectid.cloudfunctions.net/myFunction
# For Cloud Functions, `endpoint` and `audience` should be equal
req = urllib.request.Request(endpoint)
auth_req = google.auth.transport.requests.Request()
id_token = google.oauth2.id_token.fetch_id_token(auth_req, audience)
req.add_header("Authorization", f"Bearer {id_token}")
response = urllib.request.urlopen(req)
return response.read()
¿Qué sigue?
Para buscar y filtrar muestras de código para otros productos de Google Cloud, consulta el navegador de muestra de Google Cloud.